Cleanup and tests

Sources/Packages/Sources/SecretKit/Types/SecretStore.swift

@@ -79,3 +79,15 @@ extension NSNotification.Name {
     public static let secretStoreReloaded = NSNotification.Name("com.maxgoedjen.Secretive.secretStore.reloaded")
 
 }
+
+public typealias SecurityError = Unmanaged<CFError>
+
+extension CFError {
+
+    public static let verifyError = CFErrorCreate(nil, NSOSStatusErrorDomain as CFErrorDomain, CFIndex(errSecVerifyFailed), nil)!
+
+    static public func ~=(lhs: CFError, rhs: CFError) -> Bool {
+        CFErrorGetDomain(lhs) == CFErrorGetDomain(rhs) && CFErrorGetCode(lhs) == CFErrorGetCode(rhs)
+    }
+
+}

Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift

@@ -164,7 +164,11 @@ extension SecureEnclave {
             let key = untypedSafe as! SecKey
             let verified = SecKeyVerifySignature(key, .ecdsaSignatureMessageX962SHA256, data as CFData, signature as CFData, &verifyError)
             if !verified, let verifyError {
-                throw SigningError(error: verifyError)
+                if verifyError.takeUnretainedValue() ~= .verifyError {
+                    return false
+                } else {
+                    throw SigningError(error: verifyError)
+                }
             }
             return verified
         }
@@ -313,11 +317,6 @@ extension SecureEnclave {
 
 }
 
-extension SecureEnclave {
-
-    public typealias SecurityError = Unmanaged<CFError>
-
-}
 
 extension SecureEnclave {
 

Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift

@@ -113,7 +113,11 @@ extension SmartCard {
             }
             let verified = SecKeyVerifySignature(key, signatureAlgorithm, data as CFData, signature as CFData, &verifyError)
             if !verified, let verifyError {
-                throw SigningError(error: verifyError)
+                if verifyError.takeUnretainedValue() ~= .verifyError {
+                    return false
+                } else {
+                    throw SigningError(error: verifyError)
+                }
             }
             return verified
         }
@@ -218,7 +222,7 @@ extension SmartCard.Store {
             kSecAttrKeyClass: kSecAttrKeyClassPublic,
             kSecUseAuthenticationContext: context
         ])
-        var encryptError: SmartCard.SecurityError?
+        var encryptError: SecurityError?
         let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &encryptError)
         guard let untypedSafe = untyped else {
             throw SmartCard.KeychainError(statusCode: errSecSuccess)
@@ -271,7 +275,7 @@ extension SmartCard.Store {
             throw SmartCard.KeychainError(statusCode: errSecSuccess)
         }
         let key = untypedSafe as! SecKey
-        var encryptError: SmartCard.SecurityError?
+        var encryptError: SecurityError?
         let signatureAlgorithm: SecKeyAlgorithm
         switch (secret.algorithm, secret.keySize) {
         case (.ellipticCurve, 256):
@@ -315,9 +319,3 @@ extension SmartCard {
     }
 
 }
-
-extension SmartCard {
-
-    public typealias SecurityError = Unmanaged<CFError>
-
-}

Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift

@@ -61,13 +61,17 @@ class AgentTests: XCTestCase {
         var rs = r
         rs.append(s)
         let signature = try! P256.Signing.ECDSASignature(rawRepresentation: rs)
-        let refereneceValid = try! P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey).isValidSignature(signature, for: dataToSign)
+        let referenceValid = try! P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey).isValidSignature(signature, for: dataToSign)
         let store = list.stores.first!
-        let valid = try? store.verify(signature: rs, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
-        let invalid = try? store.verify(signature: rs, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
-        XCTAssertTrue(refereneceValid)
-        XCTAssert(valid == true)
-        XCTAssert(invalid == false)
+        let derVerifies = try! store.verify(signature: signature.derRepresentation, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
+        let invalidRandomSignature = try? store.verify(signature: "invalid".data(using: .utf8)!, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
+        let invalidRandomData = try? store.verify(signature: signature.derRepresentation, for: "invalid".data(using: .utf8)!, with: AnySecret(Constants.Secrets.ecdsa256Secret))
+        let invalidWrongKey = try? store.verify(signature: signature.derRepresentation, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa384Secret))
+        XCTAssertTrue(referenceValid)
+        XCTAssertTrue(derVerifies)
+        XCTAssert(invalidRandomSignature == false)
+        XCTAssert(invalidRandomData == false)
+        XCTAssert(invalidWrongKey == false)
     }
 
     // MARK: Witness protocol

Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift

@@ -96,9 +96,12 @@ extension Stub {
                 fatalError()
             }
             let verified = SecKeyVerifySignature(key, signatureAlgorithm, data as CFData, signature as CFData, &verifyError)
-            if verifyError != nil {
-                print(verifyError!.takeUnretainedValue())
-                throw NSError(domain: "test", code: 0, userInfo: nil)
+            if let verifyError {
+                if verifyError.takeUnretainedValue() ~= .verifyError {
+                    return false
+                } else {
+                    throw NSError(domain: "test", code: 0, userInfo: nil)
+                }
             }
             return verified
         }